Forum Discussion

Nimbostratus

Aug 09, 2019

HTTP 401 Response - Missing Split domain from full username - V13.1.1.4

Hi there F5 community, I'm struggling with an authentication error. Currently I'm using a logon page with the option "Split domain from full username" and it's working, for another scenario, I ...

application delivery

BIG-IP Access Policy Manager (APM)

boneyard

MVP

Aug 13, 2019

session.logon.last.username

Christian_Nishi

Nimbostratus

Sep 02, 2019

I tried with several combinations, but still no luck

session.logon.last.username and session.logon.last.logonname are using the right user (Domain\User)

Looking on the APM log, I see:

Username 'mydomain\myuser'

AD module: authentication with 'mydomain\\myuser@trusteddomain' failed: Client 'mydomain\\myuser\@trustedomain@trusteddomain' not found in Kerberos database, principal name: mydomain\myuser@trustedomain. Please verify Active Directory and DNS configuration. (-1765328378)

I have a multidomain environment, AD auth is configured with Trusted Domains and looks like is using the default domain to complete the user name. Can't find a way to use the last.logonname or last.username agains the AD Auth...

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)